General
- Target: 334dedb119c75c72f048a10935d8bc53.exe
- Size: 566KB
- Sample: 210117-8c4yzx3z3s
- MD5: 334dedb119c75c72f048a10935d8bc53
- SHA1: 0c91b92da42c810a2fcbd302d0e30a488925b82f
- SHA256: 48a9fa89c40a87c58cff1080620930907105f936bcf7be18e762d9bd5ae565f9
- SHA512: d7d4ac15d8df2b974e5ae5b3beb2c80705d160c49df97b330230cc72f1b6cb19fdfba2effaaab22c14b920e46f0079167131e4e43bccf343e14db3747fd0158c
Static task
- static1
Behavioral task
- behavioral1
- Sample: 334dedb119c75c72f048a10935d8bc53.exe
- Resource: win7v20201028
Malware Config
Extracted
- Family: matiex
- Protocol: smtp
- Host: srvc13.turhost.com
- Port: 587
- Username: info@bilgitekdagitim.com
- Password: italik2015
Targets
- Target: 334dedb119c75c72f048a10935d8bc53.exe
- Size: 566KB
- MD5: 334dedb119c75c72f048a10935d8bc53
- SHA1: 0c91b92da42c810a2fcbd302d0e30a488925b82f
- SHA256: 48a9fa89c40a87c58cff1080620930907105f936bcf7be18e762d9bd5ae565f9
- SHA512: d7d4ac15d8df2b974e5ae5b3beb2c80705d160c49df97b330230cc72f1b6cb19fdfba2effaaab22c14b920e46f0079167131e4e43bccf343e14db3747fd0158c
Signatures
- Matiex Main Payload
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext